- due to a bug, setting an attribute ID in the /attributes/add API call can lead to overwriting an existing attribute
performance improvements:
- massive improvements to the correlation performance
- improvements to the attribute validation process
- Regular expressions are now only checked for attributes
- Regular expressions are now defined and checked on a type by type
basis, with the setting "ALL" affecting all attributes
- creation / deletion of several attributes in one edit to accommodate
for several checked type options
- perform on all admin option now only saves attributes that actually
get changed by the regexp, making the function usable again for larger
databases
- Some feedback on what got changed during a perform on all
- UI changes in the index / regexp add / edit views to reflect the type
sensitivity changes
- Since regexp can be used to blacklist things, there's no need to have
two separate features that accomplish the same thing
- Add a regexp named /1.1.1.1/ with nothing as replacement and it will
behave the same as adding a blacklist for 1.1.1.1 in the old system.
- Fixed an issue that caused attribute values to be converted to 1 on
save in case of an empty regexp table
- Filename validation now happens via whitelisting instead of filename
sanitization
if Import Whitelist item has regex and no replacement, then do not allow
an attribute having value the regex and do not allow events having info
conform that regex.
If it's just an existing behavior or lib,
place it in a plugin directory structure in <cydefsig>/plugins.
If there is a need to change an extern existing plugin,
extend the existing plugin by a new plugin in <cydefsig>/app/Plugin.
This way there is a very clean devision between own and external code.
The external code can be updated without touching own nor changed code.
Iglocska